Simple Guide to Wordlists
One of the few advantages you can have over an attacker in a black-box pentest is your wordlists. If an attacker has 100 words and a pentester has 150, the pentester is likely to discover more endpoints in the application than the attacker and can therefore report more vulnerabilities before the attacker ever finds them. That is what ultimately makes the application more robust.
Whether you're testing a web/API server or performing an infrastructure pentest, wordlists are your most important tool for discovering new endpoints, hostnames, or brute-forcing passwords.
I recommend keeping different wordlists for different purposes.
Here are three steps that will help you create and maintain your wordlists:
1. Run CeWL on the target application
CeWL is an open-source tool that builds a wordlist by crawling a web application. It only emits words that actually appear on the site (product names, internal project names, staff names, parameter names), so the result contains far less noise than a generic wordlist downloaded from the internet. Normalise the output (lowercase, trim, drop very short words) before you use it, since the crawler preserves the case and punctuation it finds on the page.
2. Use AltDNS for Permutations
Once CeWL has produced a wordlist, the next step is to run AltDNS to generate permutations from it. AltDNS is a subdomain permutation tool: it takes two inputs, a list of hostnames you already know and a wordlist, and combines them (prefixing, suffixing and inserting the words) into candidate hostnames. Feed it the CeWL output as the wordlist and the hostnames you have already discovered as the input list. AltDNS usually produces a very large list and can take a while, so be patient. Good things take time. The result will be your master list; be sure to sort it and remove duplicates, because the permutations overlap heavily.
3. Maintain the wordlist
Maintaining a healthy wordlist is key to the success of a penetration test. Run CeWL on every web application you encounter and append the output to the master list, deduplicating each time.
This gives you a wordlist that grows with every penetration test you perform, and the master list gets stronger and stronger. For password wordlists, keep a separate list: a common password wordlist from the internet can be used as the input to AltDNS in the same way to generate permutations of the known passwords.
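The three steps above as one shell pipeline. This is an added example, not code from the original post or from the CeWL or AltDNS projects: `run_cewl` and `run_altdns` are thin wrappers around the real tools (they must be on PATH; the `-d`, `-m`, `-w` flags for cewl and `-i`, `-w`, `-o` for altdns are the tools' own), while `normalize_words` and `merge_into_master` implement the sort-and-dedupe and master-list maintenance in plain POSIX tools so they run without either tool installed. The file names, the minimum word length of 4 and the crawl depth of 2 are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: CeWL -> AltDNS -> master wordlist pipeline.
set -eu

# normalize_words [MIN_LEN]: lowercase, trim whitespace, drop empty lines and
# words shorter than MIN_LEN (default 3), then sort and deduplicate.
# Reads stdin, writes stdout.
normalize_words() {
  min_len="${1:-3}"
  tr '[:upper:]' '[:lower:]' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | awk -v m="$min_len" 'length($0) >= m' \
    | sort -u
}

# merge_into_master MASTER NEW...: union of MASTER and the NEW lists, normalised
# and deduplicated, written back to MASTER. Prints the number of words added.
merge_into_master() {
  master="$1"; shift
  touch "$master"
  before=$(wc -l < "$master")
  tmp=$(mktemp)
  cat "$master" "$@" | normalize_words 1 > "$tmp"
  mv "$tmp" "$master"
  after=$(wc -l < "$master")
  echo $((after - before))
}

# run_cewl URL OUT: crawl the target two levels deep and write raw words
# of at least 4 characters to OUT. Needs cewl on PATH.
run_cewl() {
  command -v cewl >/dev/null || { echo "cewl not installed" >&2; return 1; }
  cewl -d 2 -m 4 -w "$2" "$1"
}

# run_altdns KNOWN_HOSTS WORDS OUT: permute the known hostnames with the
# words and write candidates to OUT. Needs altdns on PATH. This only
# generates candidates; resolving them is a separate step.
run_altdns() {
  command -v altdns >/dev/null || { echo "altdns not installed" >&2; return 1; }
  altdns -i "$1" -w "$2" -o "$3"
}

# build_wordlist URL KNOWN_HOSTS MASTER PERMS_OUT: the three steps end to end.
# The cleaned CeWL words go into the long-lived MASTER list (step 3); the
# target-specific hostname permutations go to PERMS_OUT (step 2).
build_wordlist() {
  url="$1"; hosts="$2"; master="$3"; perms_out="$4"
  work=$(mktemp -d)
  run_cewl "$url" "$work/cewl_raw.txt"
  normalize_words 4 < "$work/cewl_raw.txt" > "$work/cewl.txt"
  run_altdns "$hosts" "$work/cewl.txt" "$perms_out"
  added=$(merge_into_master "$master" "$work/cewl.txt")
  echo "added $added new words to $master; candidate hosts in $perms_out" >&2
}

# Usage (assumed paths):
#   build_wordlist https://target.example known_hosts.txt master.txt candidates.txt
```

Keep the master list and the per-target candidate host list separate: the master is reused across engagements, while the AltDNS output is only meaningful for the hostnames it was generated from.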